[Freeipa-users] RHEL + IPA + Zimbra = ?

Thu May 31 14:53:24 UTC 2012

On Thu, 2012-05-31 at 15:13 +0100, Dale Macartney wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> On 31/05/12 15:10, Simo Sorce wrote:
> > On Thu, 2012-05-31 at 07:55 +0100, Dale Macartney wrote:
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >>
> >>
> >> On 31/05/12 00:13, Dmitri Pal wrote:
> >>> On 05/30/2012 06:12 PM, Dale Macartney wrote:
> >>>>
> >>>> Evening all
> >>>>
> >>>> Has anyone dabbled with Zimbra integration with IPA as yet? I just
> >> had a
> >>>> brief brainstorm moment of thinking "Now that would be useful".
> >>>>
> >>>> I'm curious to see if anyone else has tried it? Otherwise I'll give
> >> a go
> >>>> and see what docs I can produce from my endeavours. Pointers,
> >> requests
> >>>> and opinions welcomed.
> >>>>
> >>>> Night all
> >>>>
> >>>> Dale
> >>>>
> >>>
> >>> Are you talking about SSO or just using IPA as a back end identity
> >> store.
> >>> I do not think it was tried but I do not see a lot of issues.
> >>> If there are I would like to see tickets.
> >>> As for kerberos SSO it might be quite a different situation which
> >> needs to be investigated.
> >>>
> >> I was thinking as a solution in general to be honest. I'll fire it up
> >> with IPA as a backend store initially just to see it working. The
> >> endgame goal though would be SSO. Like all my projects SSO is what I
> >> am aiming for, but in some cases its not possible.
> >>
> >> I've requested an eval key for the enterprise supported release. I'll
> >> try to get them involved in the process as well if push comes to
> >> shove. They will benefit from this as well in the end.
> >>
> >> I'll feed back to the list with progress.
> >
> > As far as I know Zimbra supports retrieving users from LDAP and using
> > Kerberos for authentication.
> > In the very latest code they also fixed using Negotiate auth to login
> > using Kerberos against the Web interface even when their proxy is being
> > used, so now all components of Zimbra should be usable with krb auth.
> > This means a properly configured Browser/MUA should be able to do full
> > SSO auth against Zimbra.
> >
> > If you can test their latest release and report any gotchas in
> > configuration that would be awesome!
> >
> > Simo.
> >
> I'm definitely up for it. I had a day off today actually, so most of the
> day has been spent on my test lab. Will follow up soon. I haven't used
> Zimbra before so I'll do it a few times to get things consistent, then I
> might ask for some community QA on my steps to be honest.
> 
> keep you all posted. I have received a license key and was playing
> earlier today with 7.2 (downloaded last night). Hopefully they don't
> change that too frequently.

That version should work if you do not use a proxy, the proxy fix should
be in version 8, but you should have no issues with the eval as the
proxy is used only in advanced configurations for load balancing AFAIK.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York